Everything you never wanted to know about the UK ID card

Name, rank, serial number...

Passport Control

We've already established that a biometric will be used to tie the bearer to the document, and that we can use a secondary biometric to deal with disputes, and a network check in addition to this. But rewind - how, physically, are we handling this?

We need to have a reader that will take the biometric from the passport and compare it to a handprint (we'll assume we're doing fingers, OK?) which will probably be produced by placing one hand firmly on a flat surface. So we need the people coming in to understand what they're supposed to do and get it right, and we need to deal with failures to read the passport, and we need to intercept jokers, terrorists and our slower brethren who might be using false hands, cunning fingerprint gloves, or even just the wrong hand. We need an attendant combining a nice and a nasty attitude as appropriate to get them through, or whisk them off to another stage in the process where complete failures to read are checked more thoroughly. Maybe you get your terrorists in there, and you'll certainly get some immigration 'issues' but mostly you're likely to net perfectly innocent UK citizens whose fingers are worn/dirty or whose passports are bust. So you're detaining people you wouldn't have detained under the current system, and you need to undetain them pretty fast if you don't want unpleasant headlines about dud government IT systems in the press.

Aside from reading failures and hardware failures, you'll have false matches and failures to identify, and you need procedures to deal with these. For a false match you need to check the secondary biometric to arbitrate, so you need to move these people quickly to that reader, and through it without their thinking 'I am being accused of being a terrorist.' Failure to identify is trickier, because you need to decide on a procedure. If they fail to match up to an apparently working passport, they might also fail to match up to a network check, because you're comparing them to the same thing, right? So do you have a fraud, or do you have somebody with worn fingerprints? If the secondary biometric is iris, then you can check them with that and be pretty sure which, but can you trust facial to be used as a primary identifier? No, you can't, so you you're either treating all of this category of exception as suspect, or you're making human decisions that will, as previously, not always hit the right target. Given that you will be able to check (unless the network is down) whether or not the passport, name and ID exists on the database, you can at least flag failures to read for future investigation.

You might be able to avoid quite a bit of the above if you take a slightly different view of what it you're looking for. Failure to match, or false non-match, can be expected to run at a fairly high rate if false alarm/false match is kept down to an acceptable level. The bulk of your failures to match will, actually, be false non-matches, i.e. people who really are on the database but who don't match up to it in this particular instance. And a terrorist is unlikely to want to chance it on the basis that they've got, say a 5 per cent chance of getting through. So you ignore them all? Ah, but when word gets around, the bad guys and the multiple applicants will take steps to file down their fingerprints a little before they attempt entry, and your acceptable compromise starts to morph into a security hole. Which is why flagging failures is important.

The network check is obviously useful in cases of passport failure (NB it's an offence not to get it fixed once you know it's broken), but is dependent on the network being up and the response being swift. The Home Office appears to envisage a pretty high level of network checking, but it seems reasonable to doubt that this will happen in real life. Current UK passports first became machine-readable in 1988, but are seldom machine-read. Theoretically this could be used to check that the passport actually exists, that the bearer is not on a watchlist, and that it has not been notified lost or stolen - but possibly not in the latter case. The Passport Office announced a lost and stolen database in December 2003, so IND (the Immigration and Nationality Directorate) may only recently have been able to start looking.

Similarly IND has also been working on an automated fingerprint system, intended to match fingers against the 350,000 fingerprints (a 2001 figure) it has on file, and a "warnings list" system. It also has a case information system developed by Siemens and called ACID Warehouse. Really.

As we contemplate how effectively we're not using the systems we've had available for 15 years, we should consider the way we're currently not using it. In the EU citizen channel at the airport we'll probably have the picture page of our passport looked at and be nodded through. The introduction of machines will add a more time-consuming stage to this (failures in the queue will slow you up, even if you register first time) and more staff. The process will still need the staff on the desk looking you over, unless we're going to trust machine decision-making entirely as our front line. As non-UK passports won't work with the system, other EU citizens will now have to have their own channel, faster than the UK one, or be sent to the Channel of Death, where we send everybody else. But if they are they'll complain to Brussels, and we'll be told to stoppit. There are actually strict EU limits on what immigration is allowed to ask the local citizenry - did you know this? "As a result of judgements in the European Court of Justice (ECJ), an immigration officer may not require an EEA national to answer questions regarding the purpose and duration of his journey and the financial means available to him. Examination should be restricted to the occasional discretionary warnings index check. Questions may only be directed at establishing whether the person's admission to the United Kingdom would result in a threat to public policy, or public security or public health." (Source: IND general guidance document. Get lippy at your own risk and don't blame us.)

Many difficult questions will arise at the airport, where conditions will be just about as optimum as they can get. But what about elsewhere, what about the ferryport? At busy ones, the increasing size of the ferries can produce longish unloading queues already, and mostly all that happens is that drivers holding a clutch of things that looks like approximately the right number of the right documents are waved through. So where do we put the reader? And where do we put the holding area where all the passengers get out of the car, deliver their print and get back in? Where do we put the tailback (quick, there's another three ferryloads coming in)? Nightmare. Monitoring departures is actually harder, because typically the passport check is conducted by the ferry staff, and there's a non-secure holding area beyond this where passengers could be switched. We can all look forward to hearing how the government's going to figure this one out without bankrupting all the ferry companies.